Overview

Coordinates IT Security risk assessments, responses to security audits performed by internal or external auditors, and responses to security assessments performed by other third parties, including potential customers of VNSNY service organizations. Works under general supervision.

Responsibilities
Plans and coordinates security assessments and related remediation throughout the year, including regulatory security risk assessments, penetration testing, and social engineering testing.Oversees third party security assessment program which is administered by contractors.Coordinates responses to security assessments performed by potential or current customers of VNSNY service organizations.Configures and uses the corporate Governance, Risk and Compliance (GRC) tool to support Risk Management and compliance efforts as they relate to Enterprise Information Security, Third Party Security Risk, and other related modules, as needed.Coordinates responses to internal audits, Model Audit Rule requests, and requests from government agencies as needed. Contributes to the improvement of internal cybersecurity audit programs.Configures and maintains the HITRUST MyCSF tool to support HITRUST Certification of service organizations and their relative systems.Coordinates periodic audit requirements using the GRC tool, including gathering evidence from stakeholders, follow-up on action items, and documenting the progress of remediation efforts.Assists with policy and procedure development.Participates in other projects and duties as assigned.
Qualifications

Education: 

Bachelor’s degree in a related field, or equivalent work experience combined with relevant certification.

Certification: 

Minimum of one of the following certifications required: 

HITRUST Certified CSF Practitioner (CCSFP) [preferred]

Certified Information Security Auditor (CISA) [preferred]

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Internal Auditor (CIA)

Global Information Assurance Certification (GIAC) in related area, or other equivalent certification

Experience: 

Minimum of four years of experience in Information Security or IT Auditing, with a minimum of two years of experience performing and responding to audits, required. Experience in Healthcare and Health Insurance industry required. Experience configuring and using GRC tools for information security purposes required.  Demonstrated knowledge of HITRUST CSF, NIST CSF, NIST SP 800-53, and HIPAA Security Rule required. Demonstrated strong problem-solving, time management, interpersonal, communication (both oral and written), organizational, and decision-making skills required. Ability to manage multiple tasks and assignments required. Ability to work effectively (independently or within teams) across functional areas in a professional and collaborative environment required.